Hi,

I've set up a Trac instance over HTTPS using the latest stable Trac (1.2.2).

I've found a nice tool for checking site configuration:
https://observatory.mozilla.org/

Checking my trac installation I got a poor "D" rating.

Following is the list of tests failed resulting in a negative score:

Test                      Score   Explanation
Content Security Policy   -25     Content Security Policy (CSP) header not implemented
Contribute.json           -10     Contribute.json file cannot be parsed
X-Content-Type-Options     -5     X-Content-Type-Options header not implemented
X-Frame-Options           -20     X-Frame-Options (XFO) header not implemented
X-XSS-Protection          -10     X-XSS-Protection header not implemented

Since other sites hosted on my server get better ratings, there must be a way
to fix this in the code. Another way is to add such headers to the Apache
config, but I'm not sure whether I'd be breaking something in Trac, and it's less
flexible.

Is there a chance to improve the headers trac is sending? Can I help with 
whatever is helpful?

Regards
Torge

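As an added example (not part of the original post, and not Trac's own configuration), this is the Apache approach mentioned above, written for a Trac instance that is assumed to be served under the `/trac` location with mod_headers enabled. The header values and the CSP policy are assumptions to be adjusted for the site; the CSP is deliberately set in Report-Only mode first, because Trac's templates rely on inline scripts and styles and an enforced policy without `'unsafe-inline'` would break the UI:

```apache
# Added example: response-header hardening for a Trac instance behind Apache.
# Assumes mod_headers is loaded and Trac is mounted at /trac (hypothetical path).
<IfModule mod_headers.c>
    <Location /trac>
        # "always" applies the header to error responses (403, 404, 500) as well,
        # not only to 2xx responses, which is what a scanner like the Observatory sees.
        Header always set X-Frame-Options "SAMEORIGIN"
        Header always set X-Content-Type-Options "nosniff"
        Header always set X-XSS-Protection "1; mode=block"

        # Start with Report-Only so that violations are logged by the browser
        # instead of blocking Trac's inline scripts and styles. Switch the header
        # name to Content-Security-Policy only after the report endpoint stays quiet.
        # The policy below is an assumed starting point, not a tested Trac policy.
        Header always set Content-Security-Policy-Report-Only \
            "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self'"
    </Location>
</IfModule>
```

After reloading Apache, the result can be checked locally with `curl -sI https://<host>/trac/` before re-running the Observatory scan. Note that the Contribute.json item in the list above is not a security header at all: it is a Mozilla-specific metadata file served at `/contribute.json`, and its missing points are unrelated to how Trac handles HTTP responses.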